Cisco Firewall :: Pix515E 6.3.5 Capturing VPN Traffic On Inside INT

Nov 28, 2011

Quick question. I have a site - site tunnel that is up and running between a Pix 515E and a 3050 appliance.Tunnel is up and running but on the pix side I dont see traffic from a couple of subnets behind the inside interface.On the vpnallow access list there are no hits So I setup a capture on the inside interface to see if the packets is making it to the inside interface and nothing. There is some traffic making it thru the tunnel that would have to hit the inside int first and even that doesnt showup in the capture.

View 1 Replies


Cisco LAN :: 2811 / Traffic-export Capturing Only Inbound Traffic?

Mar 19, 2013

We have a Cisco 2811 running ITP IOS.  On that router we run the SMPP service.  A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?

View 4 Replies View Related

Cisco WAN :: C6500 / Linux Machine Setup When Capturing Traffic?

Dec 30, 2011

I am monitoring 2 or more source interfaces which are running 1G traffic on each interface. Destination is 10G interface.There are 2 kinds of traffic running through the source interfaces: icmp and regular IP traffic. I am only interested in capturing icmp traffic. How can I achieve my goal?I don’t have any vlan traffic at all. Router is c6500.
         source (1G)                    destination (10G)
------------------------- Router --------------------------------------Linux
                                    |   source (1G)                        

View 1 Replies View Related

Cisco WAN :: SPAN Session On 2960 Switch Capturing Only Control Traffic

Nov 21, 2011

I have configured SPAN session on 2960 switch, source port being a VLAN and destination being one of the fastethernet ports. All I see in the capture is control traffic (HSRP, RIP, Syslog, DNS..etc). However I dont see any real data traffic being captured. Below is how I have SPAN configured..
monitor session 1 source vlan <vlan_id> both
monitor session 1 destination interface fa0/42

View 1 Replies View Related

Cisco Switching/Routing :: Not Capturing Span Traffic On WS-4510 / SupervisorV / 12.2(54)SG1

Mar 22, 2012

I have configured Span port on our 4510. We have an application 5view server to monitor trafic connected to G9/17 Since we have changed the network connection from physical Giga port and add a Port-channel instead, we don't see any more trafic from the new Port-channel to G9/17
We have the configuration below on our 4510 :
monitor session 1 source interface Gi4/6
monitor session 1 source interface Po20
monitor session 1 filter vlan 311 - 312 , 375
monitor session 1 destination interface Gi9/17
From the commands show, we don't see the trafic duplication from the source to the destination port :
Port Source
4510-5567#sh int po20
Port-channel20 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.9de2.a818 (bia 0016.9de2.a818)


View 2 Replies View Related

Cisco Firewall :: ASA 8.4 / NAT SMTP Traffic From Outside To Inside?

Dec 25, 2012

Most examples of NAT translation using an ASA 8.4 are based on servers within a DMZ. In my case it's not because the mailserver also functions as an data and Active Directory server for my local domain.  If tried to config the ASA for a while now and throw it in the corner for a couple of months out of frustration. Now I got some time left during christmas break I decided to start again.My purpose is to NAT SMTP / POP traffic from the internet, trough the ASA to my (inside) server. This is what I got so far. With this config I'm unable to telnet the inside server ( from a remote location.
ASA Version 8.4(3)!hostname ciscoasaenable password cE8UUNd encryptedpasswd 2KFQ.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.218!ftp mode passiveobject network obj_anysubnet network server1_smtphost network server1_pop3host outside_access_in extended

I can ping from the ASA CLI. I can Ping DNS from the CLI (internet access). I can Telnet the server from the inside LAN, using: telnet 25.But I can't Telnet from an outside location using: Telnet 95.*.*.218 25 Because my server is on the Inside interface (diffenrent subnet) do I need an additional route?

View 5 Replies View Related

Cisco Firewall :: 5520 - Traffic From Inside To Outside

Mar 2, 2011

I am setting up a pair of 5520 in A/S mode but the traffic from inside to outside seems blocked somehow.

asa01# sh run : Saved
ASA Version 8.3(1)
host name asa01
enable password LFJ8dTG1HExu/pWQ encrypted
password 2KFQnbNIdI.2KYOU encrypted

Base on the above configuration, I still cannot ping or HTTP.

View 10 Replies View Related

Cisco Firewall :: 5510 Allow Traffic Inside To Outside

Nov 18, 2011

One Host on inside network needs to access customized application hosted on Internet. Its a customized application run on port 80, 443, 5000-to-50020

How do I allow this host access for this specific application. I got ASA 5510 and host is in the inside network, we also got an ACL on inside interface to have control.
-Host IP on inside network  -
-Application to access - 74.219.x.x
-Inside ACL name - inside-acl

View 5 Replies View Related

Cisco Switching/Routing :: 4900 Capturing VLAN Traffic And Set Destination To GE Ports

Jan 24, 2012

At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.

View 1 Replies View Related

Cisco Switching/Routing :: Capturing Traffic Flows From 3750 To 6509 Then To Netflow

Aug 6, 2012

I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.

View 4 Replies View Related

Cisco Firewall :: Allowing Traffic From Inside To Outside ASA5505 7.2(3)

May 15, 2012

Let me start by saying that I'm just starting to study for CCNA, so the ASA seems to be a bit above me yet.  The ASA's we are using is for VPN to our corporate office and only allowing access to our Citrix environment, so no direct internet allowed.  We have a person who works in the remote office who has need for a caption telephone that requires direct access to the internet.  The phone only supports DHCP, and getting the ASA to do an ARP reservations is proving difficult.  For now I wrote an access list to allow it's DHCP address out but it still isn't working.  The access list I wrote is:
access-list 101 extended permit ip host any log
access-list 101 extended permit ip any any
access-group 101 out interface outside
When I do a show access-list I'm seeing that traffic is hitting the access list as the hit counter has increased.  When I do a show conn I'm seeing one of the IP's that the phone should have access to, however the flags are: saA, so I'm assuming they are not getting a response.  According to the manufacturer, only outbound connections are needed, no incoming ports required.  All traffic is TCP.

View 8 Replies View Related

Cisco Firewall :: 5520 Can't Get Traffic From Inside To Internet

Nov 27, 2011

I am trying to make a basic config on my 5520. The first goal is to make trafic from inside to outside.The internet address is and the default internet gw is am I missing since I can not get trafic from inside to the internet? [code]

View 10 Replies View Related

Cisco Firewall :: ASA 5505 - Allow Traffic Between Inside Interfaces

Nov 9, 2011

I trying to allow traffic between 2 inside interfaces with the same security level.  VLAN1 and VLAN15.  The are on different physical ports on the ASA.  I tried to configure this through the GUI Web interface and checked ' enable traffic between two or more interfaces with the same security levels'.  With this ASA version, I do not need NAT to allow this, correct?
ASA Version 8.2(1)
hostname ciscoasa


View 1 Replies View Related

Cisco Firewall :: NASA5510 Working Traffic Inside Of Same Interface

Oct 13, 2012

I need to configure a Cisco ASA5510.Connencted the a single interface I have a switch. To this switch (same VLAN) there are connected:
1. The Subnet of the main office (

2. A router  (IP that routes the traffic to a remote location (Subnet
I have so allowed any traffic incoming to the inside interface as follows:access-list inside_access_in extended permit ip any any and I have permitted traffic intra interface as follows: same-security-traffic permit intra-interface. [code]Unfortunately I cannot RDP into that server. When I simulate the connection via Packet tracer, it tells me that the implicit deny on the bottom of the connections from "inside" (firewall) does not allow the connection. It sounds to me like that "same-security-traffic permit intra-interface" does work only if there are 2 interfaces and not a single one.Unfortunately I cannot just unplug the cable and connect it into another port as the ip is on the same subnet and I cannot configure the other end router.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Dropping UDP / 53 Traffic On Inside Interface?

Jul 21, 2012

We have a Cisco ASA 5505 (v7.2(3)) with a "fairly" normal configuration yet we have a problem where it appears UDP/53 traffic is denied on our inside network.
here is output from our sys log:

SyslogID   Source IP      Dest IP    Description
305006                   portmap translation creation failed for udp src inside: dst inside:
To give some clarification:      is one of our DNS servers  is a device we're experimenting with.
We've bypassed the Cisco by using a 4G wireless router with this same device - and it works flawlessly.Here is a [scrubbed] copy of our config. It is what I inherited from the previous admin - I'm not sure of all its finer points (I'm not Cisco certified -- perhaps I'm just certifiable.)
: Saved 
 ASA Version 7.2(3)
 hostname [redacted]


View 5 Replies View Related

Cisco Firewall :: ASA 5520 - Permit Traffic To Inside Via MAC - Address?

Apr 6, 2011

I have a handheld device that will be used for inventory outside of our office. It has 3g capabilities. Is there anyway I can permit traffic from this device from the outside world coming into my network?  I need to open a couple of ports so it can hit the server. But I have no intention to open these ports up to the entire world.  I use an ASA 5520 with a managed router from our provider. I looked around on the Cisco site and the only information I found was for permitting and denying traffic from devices that are within the network.

View 2 Replies View Related

Cisco Firewall :: ASA 5540 Blocking Legit Traffic From Inside

Aug 21, 2011

I just made a move from a PIX 506 to an ASA 5540.  I have a user that currently logs into a web portal and runs a job.  It is now erroring out.  When I run the test it gives me the following message:
Testing ports...
Port 1433: Failed
Port 1150: Success
Port 80: Success
Port 443: Success
One or more tests have failed
The computer we access this site from is on the inside network and the ACL says permit ip any any from the inside out so I am not sure why it is failing.  Under the ASA Home screen I see the Top 10 Protected Servers under SYN Attack and it appears that the ASA thinks this is some sort of attack. 

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Traffic Between Multiple Inside Interfaces

Oct 10, 2011

I've been trying to figure this one out for quite a while.  I currently have 2 inside interfaces (data, phone) and I am moving to 3 inside interfaces (servers, workstations, phones).  I have not been able to get any traffic between the interfaces.  With the current setup it was not a major problem.  With the new setup it will be a major problem.
Below is a sanitized version of the config.

ASA Version 8.2(1)
hostname BOB


View 11 Replies View Related

Cisco Firewall :: ASA 5505 NAT Rules Blocking Inside Traffic

Jan 7, 2012

Previous attempts to set up these NAT rules has been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a  different outside network, but every time we get that far our internal network crashes.  Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to  the workstations is being blocked by the default implicit rule under the access rule heading  that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to  the servers is being allowed though. In an effort to start over again, the Cisco ASA has been  Factory Defaulted via the CLI, and has had it's Inside network, and Outside IP address set back up. DHCP pool has been setup for a minimal amount of addresses on the   inside network, since  most of our equipment will always be assigned statics. We reset our static NAT policies, and  seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. [code]

View 10 Replies View Related

Cisco Firewall :: ASA 5505 PPPOE Traffic Statistic Doubled Between Inside And Outside

Mar 12, 2013

I've an ASA 5505  connecting to a vdsl modem. The ASA is doing the PPPoE encapsulation. I've noticed the traffic amount on the outside interface is always twice the bandwidth it receives on its inside interface. I can't believe the PPP encapsulation is taking that much. Only two interfaces (inside and outside)

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Peer-2-Peer Traffic From Inside To Outside Blocked?

Apr 19, 2012

I got ASA 5510 with base license, can I block all Peer-2-Peer traffic from inside to outside.

ASA Giga 0/0 connected to ISP Router 2811

ASA Giga 0/1 connected to LAN switch 3560

View 3 Replies View Related

Cisco Firewall :: PIX 501 / Can Traffic Goes From Inside Interface To Outside Interface

Oct 9, 2011

I have Pix 501 firewall and I'm just configuring the device for "Email Server" to allowing POP/SMTP.
Inside Interface Address:
Outside Interface Address: ISP provided IP address
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server ( so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp any eq 80
Pix(config)#access-list outbound permit udp any eq 53
Pix(config)#access-group outbound in interface inside

View 7 Replies View Related

Cisco Firewall :: Getting VPN-3DES-AES Key For PIX515E?

Mar 27, 2013

I have a PIX 515E UR which I would like to activate the VPN-3DES-AES license. I did find a link to register the license, but after following the link and logging into my old CCO account i found that as I didn't have access to anything, so couldn't complete the procedure.Is there any way that I can get the license activated? I bought the unit from a Cisco partner quite some time ago, but never needed the 3DES license. Now I do.

View 3 Replies View Related

Cisco Firewall :: Need Test Configuration With PIX515E

Jun 27, 2012

I need configuring a newly reinstated PIX515E with IOS 6.3 to test the configuration of a load balancer.I would like to setup with two Inside interfaces (or simply two interfaces) for testing. I just need it to pass traffic (basically HTTP and HTTPS) between these two interfaces without using NAT.The older IOS is causing me some problems. I don't have an outside interface configured for Internet access,but trying to connect via IP address does't work either. I may be able to configure a second DNS server for the 192.168.12.X network for testing purposes if needed. I even tried to set the default route to the Interface of the production ASA's inside interface (3.1), but that did not work either.

View 6 Replies View Related

Cisco Firewall :: PIX515E Change IP Address

Feb 12, 2012

I just added a PIX515E to my lab (since this is a lab, if I need to change IP address, that is not a problem)....I thought I configured it right, but I am not able to ping any of my other routers/PCs.I have EIGRP on the other three routers, but not sure if I configured it right on the PIX.The diagram below shows my current network topology....(right now the PIX is connected vai Ethernet 1 to the switch, not the router itself) [code]

View 13 Replies View Related

Cisco Firewall :: Tell If PIX515e Image Is Genuine?

Aug 28, 2011

I just bought a used PIX515e. It is running version 8.0(3) and ASDM 6.1.5  Because I do not know the history of the unit, how can I tell if the image used came from cisco and not some download site?  I guess I should've thought about this before buying it but hindsight know. Worse case is that the person who had it before me dl the software that was infected with a backdoor or something else. I don't have a service contract so I'm kinda stuck.
Can I download the image from the firewall flash and compare a MD5SUM?

View 12 Replies View Related

Cisco Firewall :: PIX515e Software Upgrade From 7.2 To 8.0.3 (ED)?

Feb 16, 2012

We are planning to upgrade the PIX515e (128 MB, 16 MB flash) adaptive software from 7.2(4) to 8.0.3(ED). In our environment the two PIXes are working in active-standby mode and experiencing high memory utilization.
1) What are the bug fixes(like memory leak fix) and new configuration options in the 8.0.3(ED)?

2) Is there any issues to upgrade 7.2 to 8.0.3(ED)?

3) Is the upgrade to new version software fix the memory utilization issue?

View 1 Replies View Related

Cisco Firewall :: Pix515e Ethernet 3 / 4 And 5 Not Licensed

Sep 8, 2012

why the ethernet 3,4,5 is not licensed here ?

View 3 Replies View Related

Cisco Firewall :: PIX515E - No Translation Group Found For TCP

Mar 17, 2012

i wounder why i'm getting such log message whenever i'm trying to reach my remote site: No translation group found for tcp src outside XXXX dst dmz ZZZZ, i have a Cisco PIX515E firewall and that message is captured there, the traffic is going through a VPN tunnel (the VPN are up on both ends)

View 2 Replies View Related

Cisco Firewall :: Standby PIX515E Not Working After 1 Hour?

Jun 28, 2012

We have two PIX515E ( 6.3), one is Primary( Active) and second one is Standby. after configuration of Secondary Firewall as Standby. getting problem.
1. Configuration part everything is fine

2.we have done failover text also .
Aster Some time , we are not able see Standby Firewall its going down .

View 2 Replies View Related

Cisco Firewall :: PIX515E - Create VPN To Clients Office

Sep 15, 2011

I have a PIX515E. I need to create a vpn to my clients office. PIX is alerady having two VPN, among two one is a dynamic VPN to a dynamic IP of netgear router.
It has two gateway(public IP). Configuration in MH2001 is pretty simple. and i have completed it.I have also completed configuration in PIX using ASDM. But the VPN is not up till now.


View 1 Replies View Related

Cisco Firewall :: Unable To View PIX515e Via ADSM

May 20, 2012

I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
hostname pixfirewall
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted(code)

View 1 Replies View Related

Cisco Firewall :: Unable To View PIX515e Via ASDM?

May 20, 2012

I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
hostname pixfirewall


View 3 Replies View Related

Copyrights 2005-15, All rights reserved